From e4cfad3e8e08ec96a014db4f59a3fece10260084 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 7 Dec 2025 08:47:50 +0000 Subject: [PATCH 1/4] Initial plan From a3d14e66a624feebd752b1262e929ecc2a2ed7a1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 7 Dec 2025 09:05:21 +0000 Subject: [PATCH 2/4] Fix safe-inputs MCP server missing type field for Claude The safe-inputs MCP server HTTP configuration was missing the required "type": "http" field for Claude engine. The MCP specification requires this field for HTTP transport. This was causing Claude to fail with "Invalid MCP configuration:" error when trying to load the MCP configuration. The fix ensures that the "type": "http" field is always included in the safe-inputs MCP configuration, regardless of the engine. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/dev.lock.yml | 1 + pkg/workflow/safe_inputs.go | 6 ++---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml index 8a7a03e3fe5..3ab30958c6f 100644 --- a/.github/workflows/dev.lock.yml +++ b/.github/workflows/dev.lock.yml @@ -1793,6 +1793,7 @@ jobs: { "mcpServers": { "safeinputs": { + "type": "http", "url": "http://localhost:$GH_AW_SAFE_INPUTS_PORT", "headers": { "Authorization": "Bearer $GH_AW_SAFE_INPUTS_API_KEY" diff --git a/pkg/workflow/safe_inputs.go b/pkg/workflow/safe_inputs.go index e8a8bb280d7..937850a2adf 100644 --- a/pkg/workflow/safe_inputs.go +++ b/pkg/workflow/safe_inputs.go @@ -543,10 +543,8 @@ func renderSafeInputsMCPConfigWithOptions(yaml *strings.Builder, safeInputs *Saf // Use HTTP transport configuration yaml.WriteString(" \"" + constants.SafeInputsMCPServerID + "\": {\n") - // Add type field for HTTP - if includeCopilotFields { - yaml.WriteString(" \"type\": \"http\",\n") - } + // Add type field for HTTP (required by MCP specification for HTTP transport) + yaml.WriteString(" \"type\": \"http\",\n") // HTTP URL using environment variable if includeCopilotFields { From 1e62ee4064db2f0a6c659e8e2ce80eb83bde4022 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 7 Dec 2025 09:10:12 +0000 Subject: [PATCH 3/4] Update safe-inputs HTTP tests for health endpoint without auth The health endpoint (/health) for the safe-inputs MCP server doesn't require authentication, so the tests should check for the correct health check command without Authorization headers. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com> --- .github/workflows/release.lock.yml | 6 +++--- pkg/workflow/safe_inputs_http_integration_test.go | 9 ++++----- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.lock.yml b/.github/workflows/release.lock.yml index e5577baff77..42744f2d5a3 100644 --- a/.github/workflows/release.lock.yml +++ b/.github/workflows/release.lock.yml @@ -5969,19 +5969,19 @@ jobs: - name: Download Go modules run: go mod download - name: Generate SBOM (SPDX format) - uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 + uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0 with: artifact-name: sbom.spdx.json format: spdx-json output-file: sbom.spdx.json - name: Generate SBOM (CycloneDX format) - uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 + uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0 with: artifact-name: sbom.cdx.json format: cyclonedx-json output-file: sbom.cdx.json - name: Upload SBOM artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: sbom-artifacts path: | diff --git a/pkg/workflow/safe_inputs_http_integration_test.go b/pkg/workflow/safe_inputs_http_integration_test.go index 2a473b027dc..f7a9ff25954 100644 --- a/pkg/workflow/safe_inputs_http_integration_test.go +++ b/pkg/workflow/safe_inputs_http_integration_test.go @@ -91,9 +91,9 @@ Test safe-inputs HTTP server } } - // Verify health check + // Verify health check (health endpoint doesn't require auth) healthCheckItems := []string{ - "curl -s -f -H \"Authorization: Bearer", + "curl -s -f http://localhost:$GH_AW_SAFE_INPUTS_PORT/health", "Safe Inputs MCP server is ready", "ERROR: Safe Inputs MCP server failed to start", } @@ -322,11 +322,10 @@ Test readiness check yamlStr := string(lockContent) - // Verify readiness check loop + // Verify readiness check loop (health endpoint doesn't require auth) readinessChecks := []string{ "for i in {1..10}; do", - "if curl -s -f -H \"Authorization: Bearer", - "http://localhost:$GH_AW_SAFE_INPUTS_PORT/", + "if curl -s -f http://localhost:$GH_AW_SAFE_INPUTS_PORT/health", "Safe Inputs MCP server is ready", "break", "if [ $i -eq 10 ]; then", From 8e07b756c8fafb8160a3073a019039d7e5b808a1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 7 Dec 2025 12:55:07 +0000 Subject: [PATCH 4/4] Add changeset for PR #5729 [skip-ci] --- .changeset/patch-auto-generated-pr-5729.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .changeset/patch-auto-generated-pr-5729.md diff --git a/.changeset/patch-auto-generated-pr-5729.md b/.changeset/patch-auto-generated-pr-5729.md new file mode 100644 index 00000000000..e884d994d5e --- /dev/null +++ b/.changeset/patch-auto-generated-pr-5729.md @@ -0,0 +1,8 @@ +--- +"gh-aw": patch +--- + +Auto-generated changeset for pull request #5729 — no description provided. + +This is a default `patch` changeset because the PR description is empty; internal or tooling changes are considered patch-level. +